How to help customers avoid account takeovers

While merchants can deploy sophisticated technologies and security checks to verify a shopper’s identity and ensure her transactions are not fraudulent, several common consumer behaviors still put her at risk for having her account information stolen by criminals who then use the account to commit fraud, according to nonprofit payments security organization the Merchant Risk Council. Retailers must help educate consumers in order to combat that type of fraud, which is becoming more common, the council says.

“In the last two years, several of our online merchants have seen a drastic increase in this type of fraud and have even seen the rates rise a few months after a large data breach,” a spokesman for the council says. “Credit card numbers are no longer the only piece of information that fraudsters can use to commit fraud online against both consumers and merchants.” With many merchants storing a customer’s billing information within her account, in some cases all a criminal needs to log in and make a purchase is her user name and password.

From 2010 to 2012, the number of incidents of account takeover fraud—in which a criminal steals a consumer’s credentials for logging into an online account and uses her information to make fraudulent purchases—have doubled, according to a report by fraud prevention and payment services vendor Retail Decisions, or ReD.

The Merchant Risk Council suggests that retailers share the following tips with customers to help them keep their data safe:

Do not use the same user name and password for an e-mail account as for e-commerce site accounts.

Do not share login information with anyone.

Do not use passwords that are easy to guess, including ones based on information that can be found easily on a social media account.

Do not click on links in e-mail receipts for purchases you did not make, and contact the merchant immediately when you receive one.